RSARhosts / Hostbased auth and euid=0 requirement

Markus Friedl markus at
Thu May 23 18:33:04 EST 2002

On Tue, May 08, 2001 at 04:03:16PM -0700, Carson Gaspar wrote:
> >however, i think about moving the client side of
> >hostbased authentication out of ssh, to a setuid binary
> >	/usr/libexec/ssh-keysign
> >and remove the sbit from ssh.
> >ssh-keysign will read the hostkeys and generate a valid
> >signature.
> Great. Is this going to be implemented anytime soon? If so, I withdraw my 
> suggestion. If not, please lets get a stop-gap solution in place quickly.

here's an experimental patch (against OpenBSD's cvs):

More information about the openssh-unix-dev mailing list